Google has fixed a serious security flaw affecting the Android kernel that has been exploited in the wild.
The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution affecting the kernel.
“There are indications that CVE-2024-36971 may be in limited, targeted exploitation,” the tech giant noted in its August 2024 Android Security Monthly Bulletin.
As is usually the case, the company did not share any additional information about the nature of the cyberattacks exploiting the flaw or attribute the activity to a specific threat actor or group. It is currently unknown if Pixel devices are also affected by the bug.
However, Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the flaw, which suggests it is probably being used by commercial spyware vendors to compromise Android devices in highly targeted attacks.
The August patch addresses a total of 47 vulnerabilities, including those discovered in components related to Arm, Imagination Technologies, MediaTek and Qualcomm.
Google also fixed 12 privilege escalation flaws, one disclosure bug, and one denial-of-service (DoS) issue affecting the Android Framework.
In June 2024, the search company disclosed that an elevation of privilege issue in the Pixel firmware (CVE-2024-32896) had been used in limited and targeted attacks.
Google later told The Hacker News that the issue’s impact extends beyond Pixel devices to the broader Android platform, and that it’s working with OEM partners to apply fixes where possible.
The company had previously also closed two security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that were exploited by criminal companies to steal sensitive data.
The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-0824, a remote code execution flaw affecting Microsoft COM for Windows, to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by August 26, 2024.
The addition follows a report from Cisco Talos that the flaw was weaponized by a Chinese nation-state threat actor named APT41 in a cyberattack targeting an unnamed research institute linked to the Taiwanese government, in order to achieve local privilege escalation.